Request for comments on Nginx configuration

mandela nginx-forum at forum.nginx.org
Thu May 27 18:55:03 UTC 2021


Hello all. I would like to have comments from the Nginx community on the
following configuration:

worker_processes auto;
error_log /var/www/log/nginx.log;

events {
	multi_accept on;
	worker_connections 16384;
}

http {
	include nginx.deny;
	include mime.types;
	default_type application/octet-stream;
	aio on;
	sendfile on;
	tcp_nopush on;
	gzip on;
	gzip_comp_level 6;
	gzip_min_length 1024;
	gzip_types
		application/javascript
		application/json
		application/xml
		image/svg+xml
		image/x-icon
		text/plain
		text/css
		text/xml
		;
	lua_shared_dict dict 16k;
	log_format main $time_iso8601
		' srs="$status"'
		' srt="$request_time"'
		' crl="$request"'
		' crh="$host"'
		' cad="$remote_addr"'
		' ssp="$server_port"'
		' scs="$upstream_cache_status"'
		' sua="$upstream_addr"'
		' suc="$upstream_connect_time"'
		' sut="$upstream_response_time"'
		' sgz="$gzip_ratio"'
		' sbs="$body_bytes_sent"'
		' cau="$remote_user"'
		' ccr="$connection_requests"'
		' ccp="$pipe"'
		' crs="$scheme"'
		' crm="$request_method"'
		' cru="$request_uri"'
		' crp="$server_protocol"'
		' chh="$http_host"'
		' cha="$http_user_agent"'
		' chr="$http_referer"'
		' chf="$http_x_forwarded_for"'
		;
	server_tokens off;
	reset_timedout_connection on;
	access_log /var/www/log/access.log main;

	fastcgi_cache main;
	fastcgi_cache_key $host:$server_port$uri;
	fastcgi_cache_methods GET HEAD;
	fastcgi_ignore_headers Cache-Control Expires;
	fastcgi_cache_path /tmp/nginx
		levels=2:2
		keys_zone=main:4m
		inactive=24h
		;
	ssl_certificate /etc/ssl/server.pem;
	ssl_certificate_key /etc/ssl/server.key;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:4m;
	ssl_session_timeout 15m;

	upstream upstream {
		server unix:/tmp/php-fpm.sock;
		server 127.0.0.1:9000;
		server [::1]:9000;
	}

	map $http_origin $_origin {
		default *;
		'' '';
	}

	server {
		listen 80;
		return 301 https://$host$request_uri;
	}

	server {
		listen 443 ssl http2;
		include nginx.filter;
		location / {
			set $_v1 '';
			set $_v2 '';
			set $_v3 '';
			rewrite_by_lua_block {
				local dict = ngx.shared.dict
				local host = ngx.var.host
				local data = dict:get(host)
				if data == nil then
					local labels = {}
					for s in host:gmatch('[^.]+') do
						table.insert(labels, 1, s)
					end
					data = labels[1] or ''
					local index = 2
					while index <= #labels and #data < 7 do
						data = data .. '/' .. labels[index]
						index = index + 1
					end
					local f = '/usr/home/www/src/' .. data .. '/app.php'
					local _, _, code = os.rename(f, f)
					if code == 2 then
						return ngx.exit(404)
					end
					if labels[index] == 'cdn' then
						data = data .. '|/tmp/www/cdn/' .. data
					else
						data = data .. '|/var/www/pub/'
							.. table.concat(labels, '/') .. '/-'
					end
					data = data .. '|' .. f
					dict:add(host, data)
					ngx.log(ngx.ERR, 'dict:add('..host..','..data..')')
				end
				local i = 1
				for s in data:gmatch('[^|]+') do
					ngx.var["_v" .. i] = s
					i = i + 1
				end
			}
			alias /;
			try_files
				$_v2$uri
				/var/www/pub/$_v1/!$uri
				/var/www/pub/!$uri
				@;
			add_header Access-Control-Allow-Origin $_origin;
			expires 28d;
		}
		location dir: {
			alias /;
			index :none;
			autoindex on;
		}
		location file: {
			alias /;
		}
		location @ {
			fastcgi_param DOCUMENT_ROOT   $_v2;
			fastcgi_param SCRIPT_FILENAME $_v3;
			fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
			fastcgi_param SERVER_PROTOCOL $server_protocol;
			fastcgi_param SERVER_ADDR     $server_addr;
			fastcgi_param SERVER_PORT     $server_port;
			fastcgi_param SERVER_NAME     $host;
			fastcgi_param REMOTE_ADDR     $remote_addr;
			fastcgi_param REMOTE_PORT     $remote_port;
			fastcgi_param REQUEST_SCHEME  $scheme;
			fastcgi_param REQUEST_METHOD  $request_method;
			fastcgi_param REQUEST_URI     $request_uri;
			fastcgi_param QUERY_STRING    $query_string;
			fastcgi_param CONTENT_TYPE    $content_type;
			fastcgi_param CONTENT_LENGTH  $content_length;
			fastcgi_pass  upstream;
		}
	}
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291674,291674#msg-291674



More information about the nginx mailing list